andreasrsa / clamtk Goto Github PK

README
------
(Last updated  8 February 2015)

1. Important Links

ClamTk		        : http://code.google.com/p/clamtk/
                        : https://bitbucket.org/dave_theunsub/clamtk/
                        : http://freshmeat.net/projects/clamtk/
                        : http://clamtk.sourceforge.net
ClamAV			: http://www.clamav.net
Gtk2-Perl		: http://gtk2-perl.sourceforge.net
Launchpad ClamTk:       : https://launchpad.net/clamtk
Virustotal              : https://virustotal.com

2. About

ClamTk is a frontend for ClamAV (Clam Antivirus).
It is intended to be an easy to use, light-weight, on-demand scanner
for Linux systems. It has been ported to Fedora, Debian, RedHat,
openSUSE, ALT Linux, Ubuntu, CentOS, Gentoo, Archlinux, Mandriva,
PCLinuxOS, Frugalware, FreeBSD, and others.

Although its earliest incarnations date to 2003, ClamTk was first
uploaded for distribution in 2004 to a rootshell.be account and
finally to Sourceforge.net in 2005. At the end of 2013, we moved to a
Google Code page and Bitbucket. It's now 2015 and for some reason
it's still going.  February 2015 marks 11 years of activity
(of being publically available, that is).

3. GUI

ClamTk started out using the Tk libraries (thus its name). In 2005,
this was changed to perl-Gtk2 (or Gtk2-perl, whatever). The Tk version
is still available on sourceforge.net but has not been updated for
some time now and should not be used.

The plan for the 5.xx series was to use Gtk3.  Unfortunately, Debian
and Ubuntu do not have a recent version of libgtk3-perl, and CentOS
does not have perl-Gtk3 at all and reportedly never will.
So, at the last second, I rewrote the 5.00 version to use Gtk2.  Again.

4. Availability

I always recommend you install ClamTk from official repositories.
Check your distribution first, and always install from trusted sources.

5. Installation

RPMs:
The easiest way to install ClamTk is to use the rpms.

First, try "yum install clamtk". If this does not work,
download it and try:

# yum install clamtk*.rpm

To remove clamtk:
# yum erase clamtk

SOURCE:
Warning: Don't do this.  It's much easier to just double-click
a .deb or .rpm.  Really, put down the source.
The tarball contains all the sources. One way to do this on Fedora:
# mkdir -p /usr/share/perl5/vendor_perl/ClamTk
# cp lib/*.pm /usr/share/perl5/vendor_perl/ClamTk
# chmod +x clamtk
# cp clamtk /usr/local/bin (or /usr/bin)

	EXAMPLES:
	a. $ perl clamtk
	or
	b. $ chmod +x /path/to/clamtk
	   $ /path/to/clamtk

* Note: If you have installed this program as an rpm or .deb, you
do not need to take these steps.

* Note: Did you get errors with this? Check the TROUBLESHOOTING section
at the end.

DEBs:

You should be able to just double-click the .deb file to install it.
This assumes you have permissions to install programs, of course. Your
package manager should grab any necessary dependencies.

By the commandline, you can do this:

# dpkg -i clamtk-*.deb

To remove clamtk:
# dpkg --purge clamtk

Note that the Debian/Ubuntu builds are gpg-signed.

6. Running ClamTk

	a. Beginning with version 4.23, ClamTk will automatically
	   search for signatures if you do not have them set already.
	   This way ClamTk should work right out of the box, with no
	   prompting.

	b. Consider the extra scanning options in Settings.

	   Select "Scan files beginning with a dot (.*)" to scan
	   those files beginning with a ".".  These are sometimes
           referred to as "hidden" files.

	   Select "Scan directories recursively" to scan all files
	   and directories within a directory.

	   The "Scan for PUAs" option enables the ability
	   to scan for Potentially Unwanted Applications as well as
	   broken executables.  Note that this can result in
           what may be false positives.

	   By default, ClamTk will avoid scanning files larger than 20MB.
	   To force scanning of these files, check the "Scan files
	   larger than 20 MB" box.

           You can also check for updates upon startup.  This requires
           an active Internet connection.

	c. Information on items quarantined is available under the
	   "Quarantine" option.  If you believe there is a false
           positive contained, you can easily move it back to
           your home directory. You may also delete this file(s).
           Note that there is no recycle bin - once deleted, they are
           gone forever.

	d. Scan a file or directory by right-clicking on it within
           the file manager (e.g., Nautilus).

	e. You can STOP the scan by clicking the Cancel button.
           Note that due to the speed of the scanning,
           it may not stop immediately; it will continue scanning
           and displaying files it has already "read" until the
           stop catches up.

        f. View previous scans by selecting "History".

        g. The Update Assistant is necessary because some systems
           are set up to do automatic updates, while others must
           manually update them.

        h. If you require specific proxy settings, select "Network".

        i. As of version 5.xx, you can use the "Analysis" button to
           see if a particular file is considered malicious by other
           antivirus products.  This uses results from Virustotal.
           If you desire, you can submit a file for further review.
           Please do *not* submit personal files.

        j. The "Whitelist" option provides the ability to skip
           specific directories during scan time.  For example, you
           may wish to skip directories containing music or videos.

7. Commandline

ClamTk can run from the commandline, too:

$ clamtk file_to_be_scanned
or
$ clamtk directory_to_be_scanned

However, the main reason for the commandline option (however basic) is
to allow for right-click scanning within your file manager (e.g., Nautilus
or Dolphin).  If you want more extensive commandline options, it is
recommended that you use the clamscan binary itself. (Type
"man clamscan" at the commandline.) Or, if you know of something useful,
let me know and I can add it as an option.

8. Afterwards

You can view and delete scan logs by selecting the "History" option.

You also have a few options with the files displayed. Click on the file
scanned to select it, then right-click: you should have four options there.

	a. Quarantine this file: This drops the selected file into a
	"quarantined" folder with the executable bit removed.  The
        quarantine folder is held in the user's ClamTk folder
        (~/.clamtk/viruses).
	b. Delete this file: Be careful: There's no recycle bin!
	d. Cancel: Cancels this menu.

9. Quarantine / Maintenance

If you've quarantined files for later examination, you have the option
to restore them to their previous location (if known), or delete them.

10. Locale/Internationalization

Version 2.20 is the first ClamTk version to offer this. Have time
on your hands and want to contribute? See the Launchpad page at
https://launchpad.net/clamtk .

Note that some builds do not account for other than English
languages because they have not yet updated their build/spec files.
A polite email to the respective maintainer may fix this.

11. Limitations/Bugs

Probably a lot. Let me know, please. Ranting on some bulletin board
somewhere on one of dozens of Linux sites will not improve things.
Let me know what you like and dislike!

One of the current issues that hopefully will be resolved is that
ClamAV rpms are not standardized. This isn't my fault (that I'm aware of),
but I feel it adds unnecessary confusion (as opposed to necessary
confusion :). Because of this, multiple builds are needed as opposed to
just one. Fortunately, Debian does not appear to suffer from this.

Also, some distributions require you to manually delete certain
malware - such as the (un)popular right-to-left override stuff.

12. Contact

For feature requests or bugs, it's best to email me. You can also go
to the Launchpad project page listed above and submit requests/problems there.

13. Other

As of version 3.10, ClamTk will not scan standard mail directories,
such as .evolution, .mozilla or .thunderbird. This is due to parsing
problems.  If I come up with a smart way of doing that, it will be added.

Also, please note that version numbers mean absolutely nothing. There
is no rhyme or reason to odd or even numbers, so an odd number does not
mean "unstable".  A new version means it goes up 1 (or, rather, .01).
Because I changed from Tk to Gtk2 I did move the major version number up
significantly, but that was just to keep them separate.
The version 3.xx series became 4.xx when there was a major change in
the packaging and processes.  As stated, 5.xx was supposed to be
the jump from Gtk2 -> Gtk3.  Still, enough changed that it warranted
the 5.xx series.
Just pointing it out.

14. Troubleshooting

* Are your signatures up to date, but ClamTk says they're not?

  You probably have more than one virus signature directory. See below
  answer for finding signatures.

* If you are getting an error that ClamTk cannot find your signatures:

  ClamTk is trying to find its virus definitions. Typically these are
  held under /var/lib/clamav or /var/clamav or ... If you are sure these
  files exist, please find their location and send it to me.
  Try the following to determine their location:

  1. find /var -name "daily.cvd" -print
  2. find /var -name "daily.cld" -print

* Are you using the source and you see something like this:
Can't locate Foo/Bar.pm in @INC... (etc, etc).

  This means you are missing some of the dependencies. Try to find
  the dependency through your distribution's repositories, or simply
  go to http://search.cpan.org. I recommend trying your distro's repo
  first. It's more than likely your distribution already packages these
  for easy installation. Depending on your distro, you will likely
  use "yum" or "apt" or some "Update Manager" and the like.

15. Thanks to...

	* Everyone who has contributed in one way or another to ClamTk -
	  including language files, bug notifications, and
	  feature requests
	* Dag, without whom rpms would likely not exist
	* All the gtk2-perl and gtk3-perl folks for their time and effort
	* Perlmonks.org for helping me learn the wonderful Perl language -
	  and continuing to do so on a daily basis!
	* Ksnapshot for making snapshot-taking very easy

16. Contributors

  Many people have contributed their time, energy, opinions,
  recommendations, and expertise to this software. I cannot thank
  them enough.  Their names are listed on the ClamTk website.

17. Direct contact

email : dave.nerd AT gmail DOT com